def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
snapshot_access = ["RDSSnapshotNoPublicAccess"]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
#region CW Call
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print("assume-role" + str(e))
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
RDSSnapshotName = event["RDSSnapshotName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print("rds-client" + str(e))
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(snapshot_access).intersection(set(records)):
try:
rdssnapshot_access.run_remediation(rds, RDSSnapshotName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + RDSSnapshotName)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + RDSSnapshotName)
}
#endregion
#region Portal Call
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
RDSSnapshotName = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in snapshot_access:
responseCode, output = rdssnapshot_access.run_remediation(
rds, RDSSnapshotName)
except ClientError as e:
responseCode = 400
output = "Unable to remediate RDS cluster: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate RDS cluster: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
docdb_clustername = event["DocdbClusterName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
docdb = boto3.client('docdb', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "DocDBDeletionProtection" in str(records):
try:
docdbcluster_deletion_protection.run_remediation(docdb,docdb_clustername)
print('remediated-' + docdb_clustername)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "DocDBBackupRetentionPeriod" in str(records):
try:
docdbcluster_backup_retention.run_remediation(docdb,docdb_clustername)
print('remediated-' + docdb_clustername)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "DocDBCloudWatchLogsEnabled" in str(records):
try:
docdbcluster_logexport.run_remediation(docdb,docdb_clustername)
print('remediated-' + docdb_clustername)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + docdb_clustername)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
docdb_clustername = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
docdb = boto3.client('docdb', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "DocDBBackupRetentionPeriod":
responseCode,output = docdbcluster_backup_retention.run_remediation(docdb,docdb_clustername)
if PolicyId == "DocDBCloudWatchLogsEnabled":
responseCode,output = docdbcluster_logexport.run_remediation(docdb,docdb_clustername)
if PolicyId == "DocDBDeletionProtection":
responseCode,output = docdbcluster_deletion_protection.run_remediation(docdb,docdb_clustername)
except ClientError as e:
responseCode = 400
output = "Unable to remediate docdb cluster: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate docdb cluster: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
queue_url = event["QueueUrl"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
sqs = boto3.client('sqs',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "SQSSSEEnabled" in str(records):
try:
sqs_enable_sse.run_remediation(sqs, queue_url)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + queue_url)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + queue_url)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
queue_name = json.loads(event["body"])["ResourceName"]
queue_url = "https://sqs." + Region_name + ".amazonaws.com/" + CustAccID + "/" + queue_name
except:
Region = ""
try:
# Establish a session with the portal
sqs = boto3.client('sqs',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
# Create KMS client
kms = boto3.client('kms',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId == "SQSSSEEnabled":
responseCode, output = sqs_enable_sse.run_remediation(
sqs, queue_url)
except ClientError as e:
responseCode = 400
output = "Unable to remediate sqs queue : " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate sqs queue : " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
redshift_name = event["redshift"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
redshift = boto3.client('redshift', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "RedShiftNotPublic" in str(records):
try:
redshift_not_public.run_remediation(redshift,redshift_name)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "RedShiftVersionUpgrade" in str(records):
try:
redshift_autoversionupgrade.run_remediation(redshift,redshift_name)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "RedShiftAutomatedSnapshot" in str(records):
try:
redshift_automatic_retention.run_remediation(redshift,redshift_name)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
print('remediated-' + redshift_name)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + redshift_name)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
redshift_name = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
redshift = boto3.client('redshift', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "RedShiftNotPublic":
responseCode,output = redshift_not_public.run_remediation(redshift,redshift_name)
if PolicyId == "RedShiftVersionUpgrade":
responseCode,output = redshift_autoversionupgrade.run_remediation(redshift,redshift_name)
if PolicyId == "RedShiftAutomatedSnapshot":
responseCode,output = redshift_automatic_retention.run_remediation(redshift,redshift_name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate redshift: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate redshift: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try:
# common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
FileSystemId = event["FileSystemId"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
fsx = boto3.client('fsx',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "AWSFSxBackupRetentionPeriod7Days" in str(
records) or "AWSFSxBackupRetentionPeriod" in str(records):
try:
fsx_windows_backup_retention.run_remediation(fsx, FileSystemId)
print('remediated-' + FileSystemId)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + FileSystemId)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
FileSystemId = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
fsx = boto3.client('fsx',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in [
"AWSFSxBackupRetentionPeriod7Days",
"AWSFSxBackupRetentionPeriod"
]:
responseCode, output = fsx_windows_backup_retention.run_remediation(
fsx, FileSystemId)
except ClientError as e:
responseCode = 400
output = "Unable to remediate fsx: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate fsx: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
delivery_stream_name = event["StreamName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
kinesis_firehose = boto3.client(
'firehose',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "KinesisFirehoseEncryption" in str(records):
try:
kinesis_firehose_default_encryption.run_remediation(
kinesis_firehose, delivery_stream_name)
print('remediated-' + delivery_stream_name)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + delivery_stream_name)
}
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
delivery_stream_name = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
kinesis_firehose = boto3.client(
'firehose',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId == "KinesisFirehoseEncryption":
responseCode, output = kinesis_firehose_default_encryption.run_remediation(
kinesis_firehose, delivery_stream_name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate kinesis firehose: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate kinesis firehose: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
Trail = event["Trail"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
cloudtrail_client = boto3.client(
'cloudtrail',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "CTMultiRegionTrail" in str(records):
try:
cloudtrail_enable_multi_region_trail.run_remediation(
cloudtrail_client, Trail)
print('remediated-' + Trail)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "CTLogFileValidation" in str(records):
try:
cloudtrail_enable_log_file_validation.run_remediation(
cloudtrail_client, Trail)
print('remediated-' + Trail)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "CTIsLogging" in str(records):
try:
cloudtrail_enable_trail_logging.run_remediation(
cloudtrail_client, Trail)
print('remediated-' + Trail)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
#returning the output Array in json format
return {'statusCode': 200, 'body': json.dumps('remediated-' + Trail)}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
Trail = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
cloudtrail_client = boto3.client(
'cloudtrail',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId == "CTMultiRegionTrail":
responseCode, output = cloudtrail_enable_multi_region_trail.run_remediation(
cloudtrail_client, Trail)
except ClientError as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
try:
if PolicyId == "CTLogFileValidation":
responseCode, output = cloudtrail_enable_log_file_validation.run_remediation(
cloudtrail_client, Trail)
except ClientError as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
try:
if PolicyId == "CTIsLogging":
responseCode, output = cloudtrail_enable_trail_logging.run_remediation(
cloudtrail_client, Trail)
except ClientError as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
backup_retention = [
"SQLBackup", "SQLBackupTerm", "MariadbBackup", "MariadbBackupTerm",
"OracleBackup", "OracleBackupTerm", "SQLServerBackup",
"SQLServerBackupTerm", "MySQLBackup", "MySQLBackupTerm"
]
copytagstosnapshot = [
"SQLCopyTagsToSnapshot", "MariadbCopyTagsToSnapshot",
"OracleCopyTagsToSnapshot", "SQLServerCopyTagsToSnapshot",
"MySQLCopyTagsToSnapshot"
]
deletion_protection = [
"SQLDeletionProtection", "MariadbDeletionProtection",
"OracleDeletionProtection", "SQLServerDeletionProtection",
"MySQLDeletionProtection"
]
disable_public_access = [
"SQLPrivateInstance", "MariadbPrivateInstance",
"OraclePrivateInstance", "SQLServerPrivateInstance",
"AuroraInstancePrivateInstance", "MySQLPrivateInstance"
]
minor_version = [
"SQLVersionUpgrade", "MariadbVersionUpgrade", "OracleVersionUpgrade",
"SQLServerVersionUpgrade", "AuroraInstanceVersionUpgrade",
"MySQLVersionUpgrade"
]
multiaz = [
"SQLMultiAZEnabled", "MariadbMultiAZEnabled", "OracleMultiAZEnabled",
"SQLServerMultiAZEnabled", "MySQLMultiAZEnabled"
]
performance_insights = [
"SQLPerformanceInsights", "MariadbPerformanceInsights",
"OraclePerformanceInsights", "SQLServerPerformanceInsights",
"AuroraInstancePerformanceInsights", "MySQLPerformanceInsights"
]
instance_logexport = [
"MySQLlogExport", "MariadblogExport", "OraclelogExport"
]
instance_iam_auth = ["SQLIAMAuthEnabled", "MySQLIAMAuthEnabled"]
db_parameters = ["MySQLBlockEncryption", "MySQLEnableFIPS"]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
#region CW Call
if not PolicyId:
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
RDSInstanceName = event["RDSInstanceName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(backup_retention).intersection(set(records)):
try:
rdsinstance_backupretention.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(copytagstosnapshot).intersection(set(records)):
try:
rdsinstance_copytagstosnapshot.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(deletion_protection).intersection(set(records)):
try:
rdsinstance_deletion_protection.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(disable_public_access).intersection(set(records)):
try:
rdsinstance_disable_public_access.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(minor_version).intersection(set(records)):
try:
rdsinstance_minorversionupgrade.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(performance_insights).intersection(set(records)):
try:
rdsinstance_performanceinsights.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(instance_logexport).intersection(set(records)):
try:
rdsinstance_logsenabled.run_remediation(rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(instance_iam_auth).intersection(set(records)):
try:
rdsinstance_iam_auth.run_remediation(rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(db_parameters).intersection(set(records)):
try:
rdsinstance_updateparameters.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(multiaz).intersection(set(records)):
try:
rdsinstance_multizone.run_remediation(rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + RDSInstanceName)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + RDSInstanceName)
}
#endregion
#region Portal Call
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
RDSInstanceName = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in backup_retention:
responseCode, output = rdsinstance_backupretention.run_remediation(
rds, RDSInstanceName)
if PolicyId in copytagstosnapshot:
responseCode, output = rdsinstance_copytagstosnapshot.run_remediation(
rds, RDSInstanceName)
if PolicyId in deletion_protection:
responseCode, output = rdsinstance_deletion_protection.run_remediation(
rds, RDSInstanceName)
if PolicyId in disable_public_access:
responseCode, output = rdsinstance_disable_public_access.run_remediation(
rds, RDSInstanceName)
if PolicyId in minor_version:
responseCode, output = rdsinstance_minorversionupgrade.run_remediation(
rds, RDSInstanceName)
if PolicyId in multiaz:
responseCode, output = rdsinstance_multizone.run_remediation(
rds, RDSInstanceName)
if PolicyId in performance_insights:
responseCode, output = rdsinstance_performanceinsights.run_remediation(
rds, RDSInstanceName)
if PolicyId in instance_logexport:
responseCode, output = rdsinstance_logsenabled.run_remediation(
rds, RDSInstanceName)
if PolicyId in instance_iam_auth:
responseCode, output = rdsinstance_iam_auth.run_remediation(
rds, RDSInstanceName)
if PolicyId in db_parameters:
responseCode, output = rdsinstance_updateparameters.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
responseCode = 400
output = "Unable to remediate RDS Instance: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate RDS Instance: " + str(e)
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
common_policies = [
"S3bucketNoPublicAAUFull", "S3bucketNoPublicAAURead",
"S3bucketNoPublicAAUReadACP", "S3bucketNoPublicAAUWrite",
"S3bucketNoPublicAAUWriteACP", "S3notPublictoInternet",
"S3notPublicRead", "S3notPublicReadACP", "S3notPublicWrite",
"S3notPublicWriteACP"
]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
bucket_name = event["bucket"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
s3_client = boto3.client(
's3',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "S3EncryptionEnabled" in str(records):
try:
s3_put_bucket_encryption.run_remediation(
s3_client, bucket_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "S3VersioningEnabled" in str(records):
try:
s3_put_bucket_versioning.run_remediation(
s3_client, bucket_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(common_policies).intersection(set(records)):
try:
s3_put_bucket_acl.run_remediation(s3_client, bucket_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + bucket_name)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + bucket_name)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
bucket_name = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
s3_client = boto3.client(
's3',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
except ClientError as e:
print("Error:" + str(e))
return {'statusCode': 400, 'body': ("Error:" + str(e))}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': ("Error:" + str(e))}
try:
if PolicyId == "S3EncryptionEnabled":
responseCode, output = s3_put_bucket_encryption.run_remediation(
s3_client, bucket_name)
if PolicyId == "S3VersioningEnabled":
responseCode, output = s3_put_bucket_versioning.run_remediation(
s3_client, bucket_name)
if PolicyId in str(common_policies):
responseCode, output = s3_put_bucket_acl.run_remediation(
s3_client, bucket_name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate bucket: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate bucket: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
pass
try:
# Establish a session with the portal
iam_client = boto3.client(
'iam',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMPasswordRequiredNumber" in str(records):
try:
iam_require_numbers.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMPasswordUpCaseLetter" in str(records):
try:
iam_require_uppercaseletters.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMPasswordRequiredSymbols" in str(records):
try:
iam_require_symbols.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMRequireLowercaseLetter" in str(records):
try:
iam_require_lowercaseletters.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMMinPasswordLength" in str(records):
try:
iam_minimum_passwordlength.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMExpirePasswords" in str(records):
try:
iam_password_expiration.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMPasswordReusePrevention" in str(records):
try:
iam_password_reuse.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print("Remediated IAM policies")
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps("Remediated IAM policies")
}
else:
print("CN-portal triggered remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
# Establish a session with the portal
iam_client = boto3.client(
'iam',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
responseCode = 400
output = "Policies not configured"
if PolicyId == "IAMPasswordRequiredNumber":
responseCode, output = iam_require_numbers.run_remediation(
iam_client)
if PolicyId == "IAMPasswordUpCaseLetter":
responseCode, output = iam_require_uppercaseletters.run_remediation(
iam_client)
if PolicyId == "IAMPasswordRequiredSymbols":
responseCode, output = iam_require_symbols.run_remediation(
iam_client)
if PolicyId == "IAMRequireLowercaseLetter":
responseCode, output = iam_require_lowercaseletters.run_remediation(
iam_client)
if PolicyId == "IAMMinPasswordLength":
responseCode, output = iam_minimum_passwordlength.run_remediation(
iam_client)
if PolicyId == "IAMExpirePasswords":
responseCode, output = iam_password_expiration.run_remediation(
iam_client)
if PolicyId == "IAMPasswordReusePrevention":
responseCode, output = iam_password_reuse.run_remediation(
iam_client)
except ClientError as e:
responseCode = 400
output = "Unable to remediate IAM Policies: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate IAM Policies: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
#multi-event customer account CW event
try:
cw_data = event['awslogs']['data']
except:
cw_data = ''
#multi-account verify access
try:
VerifyAccess = json.loads(event['body'])['VerifyAccess']
print(VerifyAccess)
except:
VerifyAccess = ''
#trigger by cw logs
if cw_data:
try:
compressed_payload = base64.b64decode(cw_data)
uncompressed_payload = gzip.decompress(compressed_payload)
payload = json.loads(uncompressed_payload)
log_events = payload['logEvents']
log_event = json.loads(log_events[0]['message'])
AWSAccId = log_event["userIdentity"]["accountId"]
except ClientError as e:
print(e)
except Exception as e:
print(e)
try:
iam = boto3.client("iam")
role_det = iam.get_role(RoleName='CN-Auto-Remediation-Role')['Role']['AssumeRolePolicyDocument']['Statement']
for i in range(len(role_det)):
if AWSAccId not in str(role_det[i]['Principal']):
RemAccDet = role_det[i]['Principal']['AWS']
RemAccId = (RemAccDet.split('arn:aws:iam::')[1]).split(':root')[0]
break
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': json.dumps(str(e))
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': json.dumps(str(e))
}
try: # common code
remdiationfunc_rolearn = 'arn:aws:iam::' + RemAccId + ':role/CN-Remediation-Invocation-Role'
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(remdiationfunc_rolearn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': json.dumps(str(e))
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': json.dumps(str(e))
}
try:
invokeLambda = boto3.client('lambda',aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token, region_name='us-east-1')
response = invokeLambda.invoke(FunctionName = 'cn-aws-remediate-orchestrator', InvocationType = 'RequestResponse', Payload = json.dumps(event))
t = json.loads(response['Payload'].read())
print(t['body'])
return {
'statusCode': 200,
'body': json.dumps(t)
}
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': json.dumps(str(e))
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': json.dumps(str(e))
}
elif VerifyAccess:
IsVerified = True
try: # common code
cust_accid, remdiationacc_rolearn = common.getRemRoleArn(event)
common.getCredentials(remdiationacc_rolearn)
except:
IsVerified = False
return IsVerified
def lambda_handler(event, context):
cloudtrail_list = ["CTMultiRegionTrail", "CTLogFileValidation"]
elb_list = ["ClassicLBConnDraining"]
elbv2_list = ["AppLBDeletionProtection", "NetworkLBDeletionProtection"]
iam_list = [
"IAMPasswordRequiredNumber", "IAMPasswordUpCaseLetter",
"IAMPasswordRequiredSymbols", "IAMRequireLowercaseLetter",
"IAMMinPasswordLength", "IAMExpirePasswords",
"IAMPasswordReusePrevention"
]
kinesis_list = ["KinesisEnhancedMonitoring", "KinesisSSE"]
kms_list = ["KMSKeyRotation"]
rds_cluster_list = [
"AuroraDeleteProtection", "AuroraServerlessDeleteProtection",
"AuroraPostgresServerlessDeleteProtection", "AuroraBackup",
"AuroraBackupTerm", "AuroraServerlessBackupTerm",
"AuroraPostgresServerlessBackupTerm", "AuroraCopyTagsToSnapshot",
"AuroraServerlessCopyTagsToSnapshot",
"AuroraPostgresServerlessCopyTagsToSnapshot",
"AuroraServerlessScalingAutoPause",
"AuroraPostgresServerlessScalingAutoPause"
]
rds_instance_list = [
"SQLBackup", "SQLBackupTerm", "MariadbBackup", "MariadbBackupTerm",
"OracleBackup", "OracleBackupTerm", "SQLServerBackup",
"SQLServerBackupTerm", "SQLCopyTagsToSnapshot",
"MariadbCopyTagsToSnapshot", "OracleCopyTagsToSnapshot",
"SQLServerCopyTagsToSnapshot", "SQLDeletionProtection",
"MariadbDeletionProtection", "OracleDeletionProtection",
"SQLServerDeletionProtection", "SQLPrivateInstance",
"MariadbPrivateInstance", "OraclePrivateInstance",
"SQLServerPrivateInstance", "AuroraInstancePrivateInstance",
"SQLVersionUpgrade", "MariadbVersionUpgrade", "OracleVersionUpgrade",
"SQLServerVersionUpgrade", "AuroraInstanceVersionUpgrade",
"SQLMultiAZEnabled", "MariadbMultiAZEnabled", "OracleMultiAZEnabled",
"SQLServerMultiAZEnabled", "SQLPerformanceInsights",
"MariadbPerformanceInsights", "OraclePerformanceInsights",
"SQLServerPerformanceInsights", "AuroraInstancePerformanceInsights"
]
redshift_list = [
"RedShiftNotPublic", "RedShiftVersionUpgrade",
"RedShiftAutomatedSnapshot"
]
s3_list = [
"S3VersioningEnabled", "S3EncryptionEnabled",
"S3bucketNoPublicAAUFull", "S3bucketNoPublicAAURead",
"S3bucketNoPublicAAUReadACP", "S3bucketNoPublicAAUWrite",
"S3bucketNoPublicAAUWriteACP", "S3notPublictoInternet",
"S3notPublicRead", "S3notPublicReadACP", "S3notPublicWrite",
"S3notPublicWriteACP"
]
try:
runtime_region = os.environ['AWS_REGION']
except:
runtime_region = 'us-east-1'
try:
policy_list = json.loads(event['body'])['RemediationPolicies']
policy_flag = 1
except:
policy_flag = 0
pass
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
try:
cw_data = event['awslogs']['data']
except:
cw_data = ''
try:
VerifyAccess = json.loads(event['body'])['VerifyAccess']
except:
VerifyAccess = ''
#region Policy Discovery
if policy_flag:
try:
RemediationAWSAccountId = json.loads(
event['body'])['RemediationAWSAccountId']
RemAccHash = hashlib.md5(
str(RemediationAWSAccountId).encode('utf-8')).hexdigest()
s3Client = boto3.client('s3')
buckets = s3Client.list_buckets()['Buckets']
for i in range(len(buckets)):
if RemAccHash in str(buckets[i]['Name']):
rem_bucket = buckets[i]['Name']
try:
s3Client.get_bucket_versioning(Bucket=rem_bucket)
break
except:
pass
except ClientError as e:
print(e)
return {'statusCode': 401, 'body': json.dumps(str(e))}
except Exception as e:
print(e)
return {'statusCode': 401, 'body': json.dumps(str(e))}
# rem_bucket = 'cn-rem-cust-rem-acc'
available_list = cloudtrail_list + elb_list + elbv2_list + iam_list + kinesis_list + kms_list + rds_cluster_list + rds_instance_list + redshift_list + s3_list
try:
if set(policy_list) <= set(available_list):
RemediationData = json.loads(event['body'])
AWSAccountId = json.loads(event['body'])["AWSAccountId"]
hash_object = hashlib.sha256('{AWSAccountId}'.format(
AWSAccountId=AWSAccountId).encode())
hash_key = hash_object.hexdigest()
hash_key = 'policy_config/' + hash_key
s3Client.put_object(Bucket=rem_bucket,
Key=hash_key,
Body=(bytes(
json.dumps(RemediationData,
indent=2).encode('UTF-8'))))
return {
'statusCode': 200,
'body': json.dumps("Policies configured")
}
else:
return {
'statusCode': 403,
'body': json.dumps("Update Remediation Framework")
} #update remediation framework
except ClientError as e:
print(e)
return {'statusCode': 401, 'body': json.dumps(str(e))}
except Exception as e:
print(e)
return {'statusCode': 401, 'body': json.dumps(str(e))}
#endregion
#region Auto-remediation
elif cw_data:
try:
records = ""
compressed_payload = base64.b64decode(cw_data)
uncompressed_payload = gzip.decompress(compressed_payload)
payload = json.loads(uncompressed_payload)
log_events = payload['logEvents']
log_event = json.loads(log_events[0]['message'])
AWSAccId = log_event["userIdentity"]["accountId"]
EventName = log_event["eventName"]
EventSource = log_event["userIdentity"]["arn"]
except ClientError as e:
print(e)
return {'statusCode': 401, 'body': json.dumps(str(e))}
except Exception as e:
print(e)
return {'statusCode': 401, 'body': json.dumps(str(e))}
try:
sts = boto3.client('sts')
RemediationAWSAccountId = sts.get_caller_identity()['Account']
except:
RemediationAWSAccountId = AWSAccId
if "assumed-role/CN-Auto-Remediation-Role" not in str(EventSource):
try:
hash_object = hashlib.sha256(
'{AWSAccId}'.format(AWSAccId=AWSAccId).encode())
hash_key = hash_object.hexdigest()
hash_key = 'policy_config/' + hash_key
except ClientError as e:
print(e)
return {'statusCode': 401, 'body': json.dumps(str(e))}
except Exception as e:
print(e)
return {'statusCode': 401, 'body': json.dumps(str(e))}
try:
s3Client = boto3.client('s3')
buckets = s3Client.list_buckets()['Buckets']
RemAccHash = hashlib.md5(
str(RemediationAWSAccountId).encode('utf-8')).hexdigest()
for i in range(len(buckets)):
if RemAccHash in str(buckets[i]['Name']):
rem_bucket = buckets[i]['Name']
try:
s3Client.get_bucket_versioning(Bucket=rem_bucket)
break
except:
pass
# SQL="select s.RemediationPolicies from s3object s where s.AWSAccountId = '" + cust_acc + "'"
SQL = "select s.RemediationPolicies from s3object s"
data = s3Client.select_object_content(
Bucket=rem_bucket,
Key=hash_key,
ExpressionType='SQL',
Expression=SQL,
InputSerialization={
'CompressionType': 'NONE',
'JSON': {
'Type': 'DOCUMENT'
}
},
OutputSerialization={'JSON': {
'RecordDelimiter': '\n',
}})
for event in data['Payload']:
if 'Records' in event:
records = event['Records']['Payload'].decode('utf-8')
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': json.dumps(str(e))}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': json.dumps(str(e))}
if records:
try:
invokeLambda = boto3.client('lambda',
region_name=runtime_region)
except ClientError as e:
print(e)
return {
'statusCode':
401,
'body':
json.dumps('Error during remediation, error:' + str(e))
}
except Exception as e:
print(e)
return {
'statusCode':
401,
'body':
json.dumps('Error during remediation, error:' + str(e))
}
#region cloudtrail sub-orchestrator call
if EventName in ["CreateTrail", "UpdateTrail"]:
try:
Trail = log_event["responseElements"]["name"]
Region = log_event["awsRegion"]
remediationObj = {
"accountId": AWSAccId,
"Trail": Trail,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-cloudtrail',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region load-balancer sub-orchestrator call
if EventName in [
"CreateLoadBalancer", "ModifyLoadBalancerAttributes"
]:
if EventName == "CreateLoadBalancer":
try:
lb_detail = log_event["requestParameters"]["type"]
if lb_detail in ["application", "network"]:
lb_type = 'elbv2'
else:
lb_type = 'elb'
except:
lb_type = 'elb'
else:
try:
lb_attributes = log_event["requestParameters"][
"attributes"]
lb_type = 'elbv2'
except:
lb_type = 'elb'
if lb_type == 'elbv2':
try:
if EventName == "CreateLoadBalancer":
LoadBalancerArn = log_event[
"responseElements"]["loadBalancers"][0][
"loadBalancerArn"]
else:
LoadBalancerArn = log_event[
"requestParameters"]["loadBalancerArn"]
Region = log_event["awsRegion"]
remediationObj = {
"accountId": AWSAccId,
"LoadBalancerArn": LoadBalancerArn,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-elbv2',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
else:
try:
LoadBalancerName = log_event["requestParameters"][
"loadBalancerName"]
Region = log_event["awsRegion"]
remediationObj = {
"accountId": AWSAccId,
"LoadBalancerName": LoadBalancerName,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-elb',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region IAM sub-orchestrator call
if EventName in [
"UpdateAccountPasswordPolicy",
"DeleteAccountPasswordPolicy"
]:
try:
remediationObj = {
"accountId": AWSAccId,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-iam',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region Kinesis sub-orchestrator call
if EventName in [
"CreateStream", "StopStreamEncryption",
"DisableEnhancedMonitoring"
]:
try:
kinesis_stream = log_event["requestParameters"][
"streamName"]
Region = log_event["awsRegion"]
remediationObj = {
"accountId": AWSAccId,
"kinesis_stream": kinesis_stream,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-kinesis',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region kms suborchestrator invocation
if EventName in ["CreateKey", "DisableKeyRotation"]:
try:
KeyId = log_event["responseElements"]["keyMetadata"][
"keyId"]
Region = log_event["awsRegion"]
except:
KeyId = log_event["requestParameters"]["keyId"]
Region = log_event["awsRegion"]
try:
remediationObj = {
"accountId": AWSAccId,
"KeyId": KeyId,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-kms',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region rds cluster suborchestrator call
if EventName in [
"CreateDBCluster", "ModifyDBCluster",
"CreateDBInstance"
]:
try:
DBEngine = log_event["responseElements"]["engine"]
except:
DBEngine = ''
if 'aurora' in str(DBEngine):
try:
RDSClusterName = log_event["responseElements"][
"dBClusterIdentifier"]
Region = log_event["awsRegion"]
remediationObj = {
"accountId": AWSAccId,
"RDSClusterName": RDSClusterName,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-rdscluster',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region rds instance suborchestrator call
if EventName in ["CreateDBInstance", "ModifyDBInstance"]:
try:
RDSInstanceName = log_event["responseElements"][
"dBInstanceIdentifier"]
Region = log_event["awsRegion"]
remediationObj = {
"accountId": AWSAccId,
"RDSInstanceName": RDSInstanceName,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-rdsinstance',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region redshift sub-orchestrator call
if EventName in ["CreateCluster", "ModifyCluster"]:
try:
redshift = log_event["requestParameters"][
"clusterIdentifier"]
Region = log_event["awsRegion"]
remediationObj = {
"accountId": AWSAccId,
"redshift": redshift,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-redshift',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region S3 sub-orchestrator call
if EventName in [
"CreateBucket", "PutBucketAcl",
"DeleteBucketEncryption", "PutBucketVersioning"
]:
try:
bucket = log_event["requestParameters"]["bucketName"]
Region = log_event["awsRegion"]
remediationObj = {
"accountId": AWSAccId,
"bucket": bucket,
"Region": Region,
"policies": records
}
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-s3-bucket',
InvocationType='RequestResponse',
Payload=json.dumps(remediationObj))
response = json.loads(response['Payload'].read())
print(response)
return {
'statusCode': 200,
'body': json.dumps(response)
}
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
else:
print("Policies not configured for remediation")
return {
'statusCode': 200,
'body':
json.dumps("Policies not configured for remediation")
}
else:
return {
'statusCode': 200,
'body': json.dumps("Resource already remediated!")
}
#endregion
#region Verify-Access
elif VerifyAccess:
OrchestartorAccess, RelayAccess = (True, ) * 2
try:
AWSAccId = json.loads(event['body'])['AWSAccountId']
RemAccId = json.loads(event['body'])['RemediationAWSAccountId']
except:
pass
if RemAccId != AWSAccId:
try:
cust_accid, remdiationfunc_rolearn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
remdiationfunc_rolearn)
except:
OrchestartorAccess = False
try:
invokeLambda = boto3.client(
'lambda',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=runtime_region)
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-relayfunction',
InvocationType='RequestResponse',
Payload=json.dumps(event))
RelayAccess = json.loads(response['Payload'].read())
except:
RelayAccess = False
else:
try:
cust_accid, remdiatoracc_rolearn = common.getRoleArn(event)
common.getCredentials(remdiatoracc_rolearn)
except:
OrchestartorAccess = False
return [RelayAccess, OrchestartorAccess]
#endregion
#region CN Portal Triggered remediation
else:
try:
invokeLambda = boto3.client('lambda', region_name=runtime_region)
except ClientError as e:
print(e)
response = {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': json.dumps(str(e))}
#region cloudtrail suborchestrator call
if PolicyId in (cloudtrail_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-cloudtrail',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region elb suborchestrator call
if PolicyId in (elb_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-elb',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region elb suborchestrator call
if PolicyId in (elbv2_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-elbv2',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region IAM sub-orchestrator call
if PolicyId in (iam_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-iam',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
response = {'statusCode': 401, 'body': str(e)}
except Exception as e:
print('Error during remediation, error:' + str(e))
return {'statusCode': 401, 'body': str(e)}
#endregion
#region Kinesis sub-orchestrator call
if PolicyId in (kinesis_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-kinesis',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
response = {'statusCode': 401, 'body': str(e)}
except Exception as e:
print('Error during remediation, error:' + str(e))
return {'statusCode': 401, 'body': str(e)}
#endregion
#region kms suborchestrator call
if PolicyId in (kms_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-kms',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region rds cluster suborchestrator call
if PolicyId in (rds_cluster_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-rdscluster',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region rds instance suborchestrator call
if PolicyId in (rds_instance_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-rdsinstance',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
except Exception as e:
print('Error during remediation, error:' + str(e))
#endregion
#region Redshift sub-orchestrator call
if PolicyId in (redshift_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-redshift',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
response = {'statusCode': 401, 'body': str(e)}
except Exception as e:
print('Error during remediation, error:' + str(e))
return {'statusCode': 401, 'body': str(e)}
#endregion
#region S3 sub-orchestrator call
if PolicyId in str(s3_list):
try:
response = invokeLambda.invoke(
FunctionName='cn-aws-remediate-s3-bucket',
InvocationType='RequestResponse',
Payload=json.dumps(event))
response = json.loads(response['Payload'].read())
print(response)
except ClientError as e:
print('Error during remediation, error:' + str(e))
response = {'statusCode': 401, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 401, 'body': str(e)}
#endregion
return {'statusCode': response['statusCode'], 'body': response['body']}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
neptune_name = event["NeptuneInstanceName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
neptune = boto3.client('neptune',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "NeptuneAutoMinorVersionUpgrade" in str(records):
try:
neptuneinstance_minorversionupgrade.run_remediation(
neptune, neptune_name)
print('remediated-' + neptune_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "NeptuneCpoyTagsToSnapshots" in str(records):
try:
neptuneinstance_copytagstosnapshot.run_remediation(
neptune, neptune_name)
print('remediated-' + neptune_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "NeptunePrivateAccess" in str(records):
try:
neptuneinstance_disable_public_access.run_remediation(
neptune, neptune_name)
print('remediated-' + neptune_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + neptune_name)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
neptune_name = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
neptune = boto3.client('neptune',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId == "NeptuneAutoMinorVersionUpgrade":
responseCode, output = neptuneinstance_minorversionupgrade.run_remediation(
neptune, neptune_name)
if PolicyId == "NeptuneCpoyTagsToSnapshots":
responseCode, output = neptuneinstance_copytagstosnapshot.run_remediation(
neptune, neptune_name)
if PolicyId == "NeptunePrivateAccess":
responseCode, output = neptuneinstance_disable_public_accessw.run_remediation(
neptune, neptune_name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate neptune: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate neptune: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
deletion_protection = [
"AppLBDeletionProtection", "NetworkLBDeletionProtection"
]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
LoadBalancerArn = event["LoadBalancerArn"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
elbv2 = boto3.client('elbv2',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(deletion_protection).intersection(set(records)):
try:
elbv2_deletionprotection.run_remediation(
elbv2, LoadBalancerArn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + LoadBalancerArn)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + LoadBalancerArn)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
LoadBalancerArn = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
elbv2 = boto3.client('elbv2',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in deletion_protection:
responseCode, output = elbv2_deletionprotection.run_remediation(
elbv2, LoadBalancerArn)
except ClientError as e:
responseCode = 400
output = "Unable to remediate load balancer: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate load balancer: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
EKSClusterName = event["EKSClusterName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
eks = boto3.client('eks', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "EKSClusterLogging" in str(records):
try:
eks_controlplanlogging.run_remediation(eks,EKSClusterName)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
print('remediated-' + EKSClusterName)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + EKSClusterName)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
EKSClusterName = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
eks = boto3.client('eks', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "EKSClusterLogging":
responseCode,output = eks_controlplanlogging.run_remediation(eks,EKSClusterName)
except ClientError as e:
responseCode = 400
output = "Unable to remediate EKS Cluster: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate EKS Cluster: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
ConfigRoleARN = event["ConfigRoleARN"]
Name = event["Name"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
config = boto3.client('config', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "ConfigCaptureGlobalResources" in str(records):
try:
config_include_global_resources.run_remediation(config,ConfigRoleARN,Name)
print('remediated-' + Name)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + Name)
}
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
ConfigRoleARN = ''
Name = ''
except:
Region = ""
try:
# Establish a session with the portal
config = boto3.client('config', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "ConfigCaptureGlobalResources":
responseCode,output = config_include_global_resources.run_remediation(config,ConfigRoleARN,Name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate classic load balancer: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate classic load balancer: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
auto_pause = [
"AuroraServerlessScalingAutoPause",
"AuroraPostgresServerlessScalingAutoPause"
]
backup_retention = [
"AuroraBackup", "AuroraBackupTerm", "AuroraServerlessBackupTerm",
"AuroraPostgresServerlessBackupTerm"
]
copytagstosnapshots = [
"AuroraCopyTagsToSnapshot", "AuroraServerlessCopyTagsToSnapshot",
"AuroraPostgresServerlessCopyTagsToSnapshot"
]
deletion_protection = [
"AuroraDeleteProtection", "AuroraServerlessDeleteProtection",
"AuroraPostgresServerlessDeleteProtection"
]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
#region CW Call
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print("assume-role" + str(e))
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
RDSClusterName = event["RDSClusterName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print("rds-client" + str(e))
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(auto_pause).intersection(set(records)):
try:
rdscluster_autopause.run_remediation(rds, RDSClusterName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(backup_retention).intersection(set(records)):
try:
rdscluster_backupretention.run_remediation(rds, RDSClusterName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(copytagstosnapshots).intersection(set(records)):
try:
rdscluster_copytagstosnapshot.run_remediation(
rds, RDSClusterName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(deletion_protection).intersection(set(records)):
try:
rdscluster_deletion_protection.run_remediation(
rds, RDSClusterName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + RDSClusterName)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + RDSClusterName)
}
#endregion
#region Portal Call
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
RDSClusterName = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in auto_pause:
responseCode, output = rdscluster_autopause.run_remediation(
rds, RDSClusterName)
if PolicyId in backup_retention:
responseCode, output = rdscluster_backupretention.run_remediation(
rds, RDSClusterName)
if PolicyId in copytagstosnapshots:
responseCode, output = rdscluster_copytagstosnapshot.run_remediation(
rds, RDSClusterName)
if PolicyId in deletion_protection:
responseCode, output = rdscluster_deletion_protection.run_remediation(
rds, RDSClusterName)
except ClientError as e:
responseCode = 400
output = "Unable to remediate RDS cluster: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate RDS cluster: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
Instance_ID = event["InstanceID"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
ec2 = boto3.client('ec2', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "EC2MonitoringState" in str(records):
try:
ec2_detailed_monitoring.run_remediation(ec2,Instance_ID)
print('remediated-' + Instance_ID)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "EC2TerminationProtection" in str(records):
try:
ec2_termination_protection.run_remediation(ec2,Instance_ID)
print('remediated-' + Instance_ID)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + Instance_ID)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
Instance_ID = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
ec2 = boto3.client('ec2', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "EC2MonitoringState":
responseCode,output = ec2_detailed_monitoring.run_remediation(ec2,Instance_ID)
if PolicyId == "EC2TerminationProtection":
responseCode,output = ec2_termination_protection.run_remediation(ec2,Instance_ID)
except ClientError as e:
responseCode = 400
output = "Unable to remediate classic load balancer: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate classic load balancer: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
